473ebb9c9b214d6ecf715322658569d6ae7bf050c01a58f42c3da61b4eafe642

General

Target

473ebb9c9b214d6ecf715322658569d6ae7bf050c01a58f42c3da61b4eafe642.elf
Size

300KB
Sample

241018-b112csyena
MD5

5d4282a728d4f03f67f43c6b11de3920
SHA1

a7c66c4a2bc20aff3ad2c8d4eb529a8d000bff35
SHA256

473ebb9c9b214d6ecf715322658569d6ae7bf050c01a58f42c3da61b4eafe642
SHA512

528e0d4df1366d501e27bfc2d0ec9b0aa51fc513eae86051ea2c8210a102d8e14945e954b671503c6a096137fa2e5fe57fe9704d043f03e514042f4c2bcc5ccd
SSDEEP

3072:2glZ3FtCKXhkmHtZ9TEKzjfj/WMngyIfsJ0F7xPto:2IIKXhZtL7jOTyIG87X

Score

9^/10

Malware Config

Targets

- Target
  
  473ebb9c9b214d6ecf715322658569d6ae7bf050c01a58f42c3da61b4eafe642.elf
- Size
  
  300KB
- MD5
  
  5d4282a728d4f03f67f43c6b11de3920
- SHA1
  
  a7c66c4a2bc20aff3ad2c8d4eb529a8d000bff35
- SHA256
  
  473ebb9c9b214d6ecf715322658569d6ae7bf050c01a58f42c3da61b4eafe642
- SHA512
  
  528e0d4df1366d501e27bfc2d0ec9b0aa51fc513eae86051ea2c8210a102d8e14945e954b671503c6a096137fa2e5fe57fe9704d043f03e514042f4c2bcc5ccd
- SSDEEP
  
  3072:2glZ3FtCKXhkmHtZ9TEKzjfj/WMngyIfsJ0F7xPto:2IIKXhZtL7jOTyIG87X
Score

9^/10

defense_evasion discovery persistence upx
- Contacts a large (4817) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Patched UPX-packed file
  Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  defense_evasion
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
  discovery
- Enumerates running processes
  Discovers information about currently running processes on the system
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
- Writes file to system bin folder
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1